Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/228e16-f808-4471-a984-364ee2859f2c/1/G1J3YczbWTgG_weBNpjN5SlY3Ko.roa
File:                     G1J3YczbWTgG_weBNpjN5SlY3Ko.roa (raw, json)
Hash identifier:          FpPJQ/OMO3PXOUIPLDD57MnAwBtFgSayzdq1Rklx9a0=
Subject key identifier:   1B:52:77:61:CC:DB:59:38:06:FF:07:81:36:98:CD:E5:29:58:DC:AA
Certificate issuer:       /CN=e6a8ab8a8078bb3b57e56ff7c0bd4da63ee82c8b
Certificate serial:       018CC34896E4A9888A3A7F29E02AFCD79EAE
Authority key identifier: E6:A8:AB:8A:80:78:BB:3B:57:E5:6F:F7:C0:BD:4D:A6:3E:E8:2C:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5qirioB4uztX5W_3wL1Npj7oLIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/228e16-f808-4471-a984-364ee2859f2c/1/G1J3YczbWTgG_weBNpjN5SlY3Ko.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60086
IP address blocks:        185.59.0.0/22 maxlen: 22
                          2a02:66a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/228e16-f808-4471-a984-364ee2859f2c/1/5qirioB4uztX5W_3wL1Npj7oLIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/228e16-f808-4471-a984-364ee2859f2c/1/5qirioB4uztX5W_3wL1Npj7oLIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5qirioB4uztX5W_3wL1Npj7oLIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:96:e4:a9:88:8a:3a:7f:29:e0:2a:fc:d7:9e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6a8ab8a8078bb3b57e56ff7c0bd4da63ee82c8b
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b527761ccdb593806ff07813698cde52958dcaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:46:f9:51:ca:6a:9c:28:0f:0c:e5:82:af:7f:
                    1f:4f:bf:0b:87:89:df:a5:4b:1e:5b:1e:a9:31:e8:
                    be:4b:d3:40:8a:f0:65:28:59:35:06:95:69:2f:c8:
                    10:a0:8c:94:94:11:81:ef:89:3e:14:a2:20:0b:61:
                    b9:30:5e:5a:07:66:bb:39:ea:f0:13:1a:80:a8:a9:
                    97:e9:37:83:29:15:bf:1e:cd:c5:44:b1:07:bb:1f:
                    57:22:5e:09:e7:24:38:b8:84:ec:b1:d9:a2:dd:1e:
                    e9:c9:86:c6:ec:57:4d:c3:5b:fe:1e:2f:21:35:ed:
                    88:af:54:f5:43:26:d8:cd:ab:f5:36:8f:5b:ad:a1:
                    95:d8:af:f2:20:66:6a:3c:cf:6e:07:83:42:72:7b:
                    6a:c9:2f:08:9f:b3:47:30:76:d3:67:c1:cf:0f:a0:
                    92:77:a5:1e:f2:08:5c:af:3f:12:6f:f9:e4:1f:bf:
                    87:ae:67:f2:65:84:72:20:ff:58:4c:5d:cd:20:12:
                    bf:ba:32:98:3d:44:8c:3d:98:ae:60:b2:4b:a0:e7:
                    cb:b9:b2:b5:3a:dc:44:b0:e0:4c:1c:0f:89:3d:56:
                    07:3b:e4:65:7d:85:ba:fb:31:09:5f:b7:0d:d5:b2:
                    46:31:72:66:b1:1b:aa:8e:31:6f:b7:1c:96:c0:11:
                    27:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:52:77:61:CC:DB:59:38:06:FF:07:81:36:98:CD:E5:29:58:DC:AA
            X509v3 Authority Key Identifier:
                keyid:E6:A8:AB:8A:80:78:BB:3B:57:E5:6F:F7:C0:BD:4D:A6:3E:E8:2C:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5qirioB4uztX5W_3wL1Npj7oLIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/228e16-f808-4471-a984-364ee2859f2c/1/G1J3YczbWTgG_weBNpjN5SlY3Ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/228e16-f808-4471-a984-364ee2859f2c/1/5qirioB4uztX5W_3wL1Npj7oLIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.0.0/22
                IPv6:
                  2a02:66a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:12:11:7d:d7:9f:7c:35:b9:94:71:c7:59:f3:26:b7:81:d8:
         81:2c:83:8a:41:b0:e4:de:64:c5:6c:29:1c:b0:6e:a1:34:fe:
         24:d1:c1:04:85:91:03:a5:ae:e3:bd:2c:21:dd:9f:c3:a1:2f:
         5f:10:78:e0:fe:7f:79:a7:1f:54:88:1f:29:75:29:01:8e:8c:
         54:07:f2:38:aa:24:09:b5:32:59:a3:ad:77:c1:90:97:8a:50:
         59:b8:48:6e:d2:a1:b9:be:a5:08:dd:02:b9:54:48:5e:0a:4b:
         2a:a3:c4:0b:b1:af:ce:24:17:02:ff:a5:23:58:2d:c0:34:82:
         49:b0:45:a7:10:66:f6:f7:f1:68:14:7d:1f:ae:9b:56:dd:93:
         b8:ef:39:a2:15:28:77:c9:08:4b:e6:c4:52:54:bb:d6:eb:9f:
         19:9f:86:5f:b0:87:36:ab:a6:ee:2e:ca:d7:14:db:47:ea:0e:
         39:ab:74:de:42:6b:6f:5e:99:fb:b1:c1:0f:5d:56:29:89:a2:
         de:8b:c6:9d:90:68:41:27:ab:44:94:5b:83:8c:37:cf:ba:5f:
         05:1b:48:47:09:3b:55:5b:4e:f8:c3:c7:a7:32:30:35:1a:84:
         fb:8e:9d:6d:2d:b7:b1:e6:b6:4c:5c:f7:51:ea:0c:49:f1:b6:
         a8:49:26:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSJbkqYiKOn8p4Cr8156uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YThhYjhhODA3OGJiM2I1N2U1NmZmN2MwYmQ0ZGE2M2Vl
ODJjOGIwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjUyNzc2MWNjZGI1OTM4MDZmZjA3ODEzNjk4Y2RlNTI5NThkY2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60b5UcpqnCgPDOWCr38fT78Lh4nf
pUseWx6pMei+S9NAivBlKFk1BpVpL8gQoIyUlBGB74k+FKIgC2G5MF5aB2a7Oerw
ExqAqKmX6TeDKRW/Hs3FRLEHux9XIl4J5yQ4uITssdmi3R7pyYbG7FdNw1v+Hi8h
Ne2Ir1T1QybYzav1No9braGV2K/yIGZqPM9uB4NCcntqyS8In7NHMHbTZ8HPD6CS
d6Ue8ghcrz8Sb/nkH7+HrmfyZYRyIP9YTF3NIBK/ujKYPUSMPZiuYLJLoOfLubK1
OtxEsOBMHA+JPVYHO+RlfYW6+zEJX7cN1bJGMXJmsRuqjjFvtxyWwBEnHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBtSd2HM21k4Bv8HgTaYzeUpWNyqMB8GA1UdIwQY
MBaAFOaoq4qAeLs7V+Vv98C9TaY+6CyLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXFpcmlvQjR1enRYNVdfM3dMMU5wajdvTElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8yMjhlMTYtZjgwOC00NDcxLWE5ODQt
MzY0ZWUyODU5ZjJjLzEvRzFKM1ljemJXVGdHX3dlQk5wak41U2xZM0tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8yMjhlMTYtZjgwOC00NDcxLWE5ODQtMzY0ZWUyODU5ZjJj
LzEvNXFpcmlvQjR1enRYNVdfM3dMMU5wajdvTElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTsAMA0E
AgACMAcDBQAqAmagMA0GCSqGSIb3DQEBCwUAA4IBAQAYEhF91598NbmUccdZ8ya3
gdiBLIOKQbDk3mTFbCkcsG6hNP4k0cEEhZEDpa7jvSwh3Z/DoS9fEHjg/n95px9U
iB8pdSkBjoxUB/I4qiQJtTJZo613wZCXilBZuEhu0qG5vqUI3QK5VEheCksqo8QL
sa/OJBcC/6UjWC3ANIJJsEWnEGb29/FoFH0frptW3ZO47zmiFSh3yQhL5sRSVLvW
658Zn4ZfsIc2q6buLsrXFNtH6g45q3TeQmtvXpn7scEPXVYpiaLei8adkGhBJ6tE
lFuDjDfPul8FG0hHCTtVW074w8enMjA1GoT7jp1tLbex5rZMXPdR6gxJ8baoSSbv
-----END CERTIFICATE-----